ANALYTICS
Across all areas of our site, we use Matomo analytics software. Matomo is hosted on this server, so we own all of the collected data.
We collect the following data:
An example of how we may use the analytical data is that we find a specific page is only viewed for a few seconds on mobile, when it is viewed for minutes on a desktop. This would suggest that there is an issue with the mobile version of the site. We find that the layout on mobile is broken, we fix the issue, and can see that resolved in the analytics because the viewing time evens out.
COOKIES
Only chocolate chip cookies are acceptable here.
All of our software packages (analytics, contact, forms, forum, homepage, and shortener systems) use cookies to keep you logged in and to remember specific user preferences. Almost all cookies are required for everything to work correctly.
The only performance/tracking cookies we use are part of the analytics system, covered separely in this post.
Where content has been embedded, or you otherwise interact with third party services (such as Facebook and YouTube), they may set their own cookies. We cannot control this.
DATA BREACHES
If you become aware of a data breach, you must:
DATA PROTECTION
Are you registered with the Information Commissioners Office?
DIRECT MESSAGES
We trust our members to use direct messages responsibly, so we do not actively review direct messages, whether automatically or manually.
However, forum staff still have the ability to read all direct messages sent on our forum, including direct messages that have been deleted or edited. This ability must only be used when a direct message has been reported, or when a staff member has a reasonable suspicion that a member is using the direct messages system irresponsibly. Staff members cannot read your direct messages for any other purpose. The staff member reviewing the direct messages has the right to review other unrelated direct messages but only to identify irresponsible use.
When a staff member reads a members direct messages, they will not inform you that they have done so, although they must still record the reason and outcome of the review internally, so that the forum management can audit these actions. Staff members found reading members direct messages without a valid purpose, or where they are not recording their actions correctly, will be disciplined.
Across all areas of our site, we use Matomo analytics software. Matomo is hosted on this server, so we own all of the collected data.
We collect the following data:
- How many visitors are on the site at the same time
- How visitors engage, interact, and navigate around the site
- What type of device visitors are using
- Where visitors come from, and where they go to after
- Which files have been downloaded
- Which pages have been visited, and how long they are visited for
- Understand and resolve any broken links, technical issues, and slow loading times
- Understand if our design, features, and navigation are working satisfactorily
- Understand what may be discouraging or encouraging visitors to become members
- Understand where visitors are coming from, and where we can post content to increase awareness of our site
- Understand which attachments/files are of significance, and may need to be copied on to our server
- Understand which pages may need changing to improve readability and/or usability
An example of how we may use the analytical data is that we find a specific page is only viewed for a few seconds on mobile, when it is viewed for minutes on a desktop. This would suggest that there is an issue with the mobile version of the site. We find that the layout on mobile is broken, we fix the issue, and can see that resolved in the analytics because the viewing time evens out.
COOKIES
All of our software packages (analytics, contact, forms, forum, homepage, and shortener systems) use cookies to keep you logged in and to remember specific user preferences. Almost all cookies are required for everything to work correctly.
The only performance/tracking cookies we use are part of the analytics system, covered separely in this post.
Where content has been embedded, or you otherwise interact with third party services (such as Facebook and YouTube), they may set their own cookies. We cannot control this.
DATA BREACHES
If you become aware of a data breach, you must:
- Inform us immediately by using the contact system and using "Security" as the reason
- Prevent further data loss
- Assess what data has been breached
- Inform the police
- Investigate the who/what/where/when/why/how of the breach
- Inform all members through an announcement post and an email
- Inform the Information Commissioner's Office if the breach includes personal data
DATA PROTECTION
Are you registered with the Information Commissioners Office?
- As we are are not an organisation, and we are not sharing your data to third parties, we are not required to register with the Information Commissioners Office as a data controller.
- We have clarified this with the ICO in writing.
- Your personal data rights are the same, and we must still follow the Data Protection Act 2018.
- The forum software and web server will retain your IP address for up to 1 year.
- This excludes analytics and cookies, which are covered separately in this post.
- Your email address, to allow members to log in to the forum, and to communicate with you.
- Your IP address, for account security. We cannot stop our forum and web server software collecting your IP address anyway.
- Your affiliatons (such as employer) that you disclose on your profile, if your affiliation may conflict or have relevance to your content.
- We do not use your personal data for any algorithms, automated decision making, customisation, experimentation, profiling, etc.
- Your name, because you can use a fake name.
- Your National Insurance number, as it is immediately anonymised. The use of National Insurance numbers is covered separately.
- Other than your IP address, which our forum and web server software automatically collects, the only personal data we collect is the data that you provide us with.
- There are 6 bases for collecting your personal data, which are consent, contract, legal obligation, vital interests, public task and legitimate interests.
- Although you could say that you consented to the collection of your personl data when you registered, or that you entered a contract, our lawful basis is legitimate interests.
- We are collecting your personal data for your legitimate interest in having a free membership to our forum.
- The personal data we collect is in line with reasonable expectations and would not have an unwarranted impact on you.
- No, we do not share any personal data with any other party.
- We only share your personal data when we are legally required to, or for safeguarding.
- We will keep your personal data for all of the time that you are a member.
- You can terminate your account and remove your personal moved at any time, by filling in our privacy form. Your personal data will be removed within 30 days.
- If we terminate your account, such as for inactivity or misconduct, we will automatically remove your personal data within 30 days.
- After your personal data has been removed, it will be retained in backups for a further 30 days. We cannot remove personal data from backups.
- We will keep a record of your request to have your personal data removed for 60 days after removal. This is for backup restoration and demonstrate compliance.
- Personal data is stored on this server, which is hosted in the United Kingdom.
- Your personal data will additionally be retained in encrypted offsite backups, which is secured separately.
- If you request your personal data to be removed, it will automatically be removed from backups as newer backups replace older backups.
- Our contact system, forms, and forum software all encrypt your personal data.
- All staff are forced to have two factor authentication enabled on their accounts.
- Forum staff perform their staff responsibilities on a separate account to their personal account.
- Access to personal data is only provided to those who require it for their responsibilities.
- All software is kept up to date, ensuring we have the latest security patches.
- For significant changes, we will post an announcement in the announcements board. We may also send an email to all members.
- For insignificant changes, we will not post an announcement, but the changes log under this post will show the change.
- Your rights are shown here: https://ico.org.uk/for-organisation...esources/individual-rights/individual-rights/
- Rights relating to data portability do not apply, because of our lawful basis
- Rights relating to automated decision making do not apply, as we do not use any automated decision making.
- To contact us about your data, use our Data form, linked in the main menu.
DIRECT MESSAGES
We trust our members to use direct messages responsibly, so we do not actively review direct messages, whether automatically or manually.
However, forum staff still have the ability to read all direct messages sent on our forum, including direct messages that have been deleted or edited. This ability must only be used when a direct message has been reported, or when a staff member has a reasonable suspicion that a member is using the direct messages system irresponsibly. Staff members cannot read your direct messages for any other purpose. The staff member reviewing the direct messages has the right to review other unrelated direct messages but only to identify irresponsible use.
When a staff member reads a members direct messages, they will not inform you that they have done so, although they must still record the reason and outcome of the review internally, so that the forum management can audit these actions. Staff members found reading members direct messages without a valid purpose, or where they are not recording their actions correctly, will be disciplined.
